CVE-2017-6519

Published: 30 April 2017

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
avahi
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.7-3.1ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (0.6.32~rc+dfsg-1ubuntu2.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.6.31-4ubuntu1.3)
Patches:
Upstream: https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading